def _load_file(self, lock: bool = False) -> dict[str, _T]:
return store.load_from_mk_file(
"%s" % self._config_file_path,
key=self._config_variable,
default={},
lock=lock,
)
def _read_sitespecific_mknotifyd_config() -> dict[str, Any]:
return store.load_from_mk_file(
path=Path(cmk.utils.paths.default_config_dir, "mknotifyd.d", "wato",
"sitespecific.mk"),
key="notification_spooler_config",
default={},
)
def load_roles():
# type: () -> Roles
roles = store.load_from_mk_file(
os.path.join(_multisite_dir(), "roles.mk"),
"roles",
default=_get_builtin_roles(),
)
# Make sure that "general." is prefixed to the general permissions
# (due to a code change that converted "use" into "general.use", etc.
# TODO: Can't we drop this? This seems to be from very early days of the GUI
for role in roles.values():
for pname, pvalue in role["permissions"].items():
if "." not in pname:
del role["permissions"][pname]
role["permissions"]["general." + pname] = pvalue
# Reflect the data in the roles dict kept in the config module needed
# for instant changes in current page while saving modified roles.
# Otherwise the hooks would work with old data when using helper
# functions from the config module
# TODO: load_roles() should not update global structures
config.roles.update(roles)
return roles
def _load_file(self, lock=False):
return store.load_from_mk_file(
"%s" % self._config_file_path,
key=self._config_variable,
default={},
lock=lock,
)
def load_connection_config(lock=False):
# type: (bool) -> List[UserConnectionSpec]
filename = os.path.join(_multisite_dir(), "user_connections.mk")
return store.load_from_mk_file(filename,
"user_connections",
default=[],
lock=lock)
def load_timeperiods() -> TimeperiodSpecs:
if "timeperiod_information" in g:
return g.timeperiod_information
timeperiods = store.load_from_mk_file(wato_root_dir() + "timeperiods.mk",
"timeperiods", {})
timeperiods.update(builtin_timeperiods())
g.timeperiod_information = timeperiods
return timeperiods
def _load_file(self, lock: bool = False) -> TagConfigSpec:
cfg = store.load_from_mk_file(
self._config_file_path,
key=self._config_variable,
default={},
lock=lock,
)
if not cfg: # Initialize with empty default config
return {"tag_groups": [], "aux_tags": []}
return cfg
def load_notification_rules(lock=False):
filename = wato_root_dir() + "notifications.mk"
notification_rules = store.load_from_mk_file(filename, "notification_rules", [], lock=lock)
# Convert to new plugin configuration format
for rule in notification_rules:
if "notify_method" in rule:
method = rule["notify_method"]
plugin = rule["notify_plugin"]
del rule["notify_method"]
rule["notify_plugin"] = (plugin, method)
return notification_rules
def _load_file(self, lock: bool = False) -> dict[str, Password]:
"""The actual passwords are stored in a separate file for special treatment
Have a look at `cmk.utils.password_store` for further information"""
return join_password_specs(
store.load_from_mk_file(
self._config_file_path,
key=self._config_variable,
default={},
lock=lock,
),
password_store.load(),
)
def load_sites(cls) -> SiteConfigurations:
if not os.path.exists(cls._sites_mk()):
return config.default_single_site_configuration()
raw_sites = store.load_from_mk_file(cls._sites_mk(), "sites", {})
if not raw_sites:
return config.default_single_site_configuration()
sites = config.migrate_old_site_config(raw_sites)
for site in sites.values():
if site["proxy"] is not None:
site["proxy"] = cls.transform_old_connection_params(site["proxy"])
return sites
def _read_passwords_mk() -> dict[str, password_store.Password]:
return store.load_from_mk_file(
Path(cmk.utils.paths.check_mk_config_dir, "wato", "passwords.mk"),
key="stored_passwords",
default={},
)
def load_users(lock: bool = False) -> Users:
filename = _root_dir() + "contacts.mk"
if lock:
# Note: the lock will be released on next save_users() call or at
# end of page request automatically.
store.aquire_lock(filename)
if 'users' in g:
return g.users
# First load monitoring contacts from Check_MK's world. If this is
# the first time, then the file will be empty, which is no problem.
# Execfile will the simply leave contacts = {} unchanged.
contacts = store.load_from_mk_file(filename, "contacts", {})
# Now load information about users from the GUI config world
filename = _multisite_dir() + "users.mk"
users = store.load_from_mk_file(_multisite_dir() + "users.mk",
"multisite_users", {})
# Merge them together. Monitoring users not known to Multisite
# will be added later as normal users.
result = {}
for uid, user in users.items():
# Transform user IDs which were stored with a wrong type
uid = ensure_str(uid)
profile = contacts.get(uid, {})
profile.update(user)
result[uid] = profile
# Convert non unicode mail addresses
if "email" in profile:
profile["email"] = ensure_str(profile["email"])
# This loop is only neccessary if someone has edited
# contacts.mk manually. But we want to support that as
# far as possible.
for uid, contact in contacts.items():
# Transform user IDs which were stored with a wrong type
uid = ensure_str(uid)
if uid not in result:
result[uid] = contact
result[uid]["roles"] = ["user"]
result[uid]["locked"] = True
result[uid]["password"] = ""
# Passwords are read directly from the apache htpasswd-file.
# That way heroes of the command line will still be able to
# change passwords with htpasswd. Users *only* appearing
# in htpasswd will also be loaded and assigned to the role
# they are getting according to the multisite old-style
# configuration variables.
def readlines(f):
try:
return Path(f).open(encoding="utf-8")
except IOError:
return []
# FIXME TODO: Consolidate with htpasswd user connector
filename = cmk.utils.paths.htpasswd_file
for line in readlines(filename):
line = line.strip()
if ':' in line:
uid, password = line.strip().split(":")[:2]
uid = ensure_str(uid)
if password.startswith("!"):
locked = True
password = password[1:]
else:
locked = False
if uid in result:
result[uid]["password"] = password
result[uid]["locked"] = locked
else:
# Create entry if this is an admin user
new_user = {
"roles": config.roles_of_user(uid),
"password": password,
"locked": False,
}
result[uid] = new_user
# Make sure that the user has an alias
result[uid].setdefault("alias", uid)
# Other unknown entries will silently be dropped. Sorry...
# Now read the serials, only process for existing users
serials_file = '%s/auth.serials' % os.path.dirname(
cmk.utils.paths.htpasswd_file)
for line in readlines(serials_file):
line = line.strip()
if ':' in line:
user_id, serial = line.split(':')[:2]
user_id = ensure_str(user_id)
if user_id in result:
result[user_id]['serial'] = utils.saveint(serial)
# Now read the user specific files
directory = cmk.utils.paths.var_dir + "/web/"
for d in os.listdir(directory):
if d[0] != '.':
uid = ensure_str(d)
# read special values from own files
if uid in result:
for attr, conv_func in [
('num_failed_logins', utils.saveint),
('last_pw_change', utils.saveint),
('last_seen', utils.savefloat),
('enforce_pw_change', lambda x: bool(utils.saveint(x))),
('idle_timeout', _convert_idle_timeout),
('session_id', _convert_session_info),
]:
val = load_custom_attr(uid, attr, conv_func)
if val is not None:
result[uid][attr] = val
# read automation secrets and add them to existing
# users or create new users automatically
try:
user_secret_path = Path(directory) / d / "automation.secret"
with user_secret_path.open(encoding="utf-8") as f:
secret: Optional[str] = ensure_str(f.read().strip())
except IOError:
secret = None
if secret:
if uid in result:
result[uid]["automation_secret"] = secret
else:
result[uid] = {
"roles": ["guest"],
"automation_secret": secret,
}
# populate the users cache
g.users = result
return result
def load_timeperiods() -> TimeperiodSpecs:
timeperiods = store.load_from_mk_file(wato_root_dir() + "timeperiods.mk",
"timeperiods", {})
timeperiods.update(builtin_timeperiods())
return timeperiods
def load_contacts() -> Dict[str, Any]:
return store.load_from_mk_file(_contacts_filepath(), "contacts", {})
